Privacy Policy

Last updated: 29 May 2026

The short version: we collect only what we need to run the service. We don't sell your data. Your documents are encrypted and private. You can delete your account and all data at any time.

1. What we collect

When you use QRYall, we may collect:

Account data your email address, name and password hash
Card content whatever you enter on your Q Card (name, bio, links, photo)
QR code data the destination URLs and settings for your QR codes
Documents files you upload to the Document Vault
Usage data QR scan logs (IP address, timestamp, user agent), verification logs
Lead data contact details submitted by people who visit your Q Card

2. How we use your data

To provide and operate the service
To send verification and transactional emails (account setup, password reset)
To provide scan and verification analytics to you as the account holder
To investigate abuse or Terms violations

We do not use your data for advertising. We do not sell your data to third parties. We do not use your documents to train AI models.

3. Document Vault privacy

Documents uploaded to the vault are stored on IONOS servers in the EU. Invisible ownership signatures are encrypted with AES-256. The encrypted signature is stored in our database and can only be decrypted by you, using your account credentials.

Public verification pages show only the document title, protection date and type never the document content or your invisible signature.

4. QR code scan logging

When someone scans your QR code, we log: the QR code UID, timestamp, IP address and user agent string. This data is shown to you in your analytics dashboard. We do not link scan data to individual people's identities.

5. Cookies

We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies or third-party analytics.

6. Data retention

Account data is retained until you delete your account
Uploaded documents are deleted when you remove them or delete your account
Scan logs are retained for 12 months
Deleted account data is purged within 30 days

7. Your rights

Depending on your location, you may have the right to access, correct or delete your personal data. To exercise these rights, email privacy@qryall.com or delete your account directly from Settings.

8. Data security

We use HTTPS for all connections, bcrypt for password hashing, and AES-256 encryption for document signatures. Uploaded files are stored with randomised names and are not publicly guessable.

9. Third parties

We use IONOS for hosting and storage. Payment processing is handled by Stripe, which has its own privacy policy. We do not share your data with any other third parties.

10. Changes

We will notify registered users by email of any material changes to this policy. The "last updated" date at the top reflects the most recent revision.

11. Contact

Privacy questions: privacy@qryall.com